Description: This article covers Microsoft Mechanics and the updates to Microsoft Intune on Azure, with the new admin experience in the Azure portal.
Welcome to Microsoft Mechanics. We take a look at the updates to Microsoft Intune on Azure with the new admin experience in the Azure portal, including role-based access control, entire integration with Azure Active Directory with groups and more. And lastly, reporting and automation capabilities with the Microsoft Graph API.
We realize that you need to manage more devices across a diverse set of platforms and an ever wider range of scenarios. We needed to modernize the service to better meet those needs, so the decision to move into Azure and adopt a microservices architecture gives us a great number of advantages. We can scale to a vastly increased number of devices, we can deliver features and functionality faster, and we can deliver better resiliency, security and availability, all while allowing you to manage the service through our APIs and scripts as well as our great new web UI.
So having these great capabilities translate into what we’ll see in Microsoft. So the first piece of good news is that all of Intune management is in the Azure portal. There’s no longer any need for Silverlight, and it works on virtually any browser on any device. So I’ve got Intune open here in the Azure portal on my Mac in Safari. In fact, one of the greatest things about the portal is that I can create custom dashboards.
So I’ve created one that has tiles from Intune and Azure Active Directory, as well as some live tiles giving me information about my sign-ins from Active Directory. If I want to supplement this with some information from Intune, I can switch over to one of the Intune views. Let’s say I want to pick my OS distribution. I can pin that to my Azure dashboard, and when I navigate back, there’s my information right there.
What happens is, instead of having to type in all the information over and over, I can perform a search directly in the store itself. So I wanted to give people Words with Friends, because that’s always a classic. I can perform a search, it pulls right up, and with a couple of clicks that app is pulled directly into Intune.
So it’s an easier management experience, all in one place, with greater visibility. And Intune is obviously part of Enterprise Mobility and Security, or EMS for short, and how are we going to bring all of those components together inside of the Azure portal? So one of the greatest examples of how we bring EMS together is around groups. Groups are now shared across Azure AD, Office 365, Microsoft Intune and a whole bunch of other Microsoft services.
If I go into Intune and select groups, this takes me across to the Azure Active Directory blade, and this is the same list of devices and groups that I’d see across all of my services. Now something new that we’ve added is the ability to do device groups, so I have a device group that’s for all iOS devices.
Now in the past, without this capability, I had to add devices manually. But instead, I can specify rules to look for all devices with a type of iOS. I can do simple rules or I can do a complex rule, as I’ve shown, where I’m looking for all devices that are type iPhone or type iPad. Now anytime that a device that meets this criteria shows up in my directory, any policies and apps that I’ve assigned to that group will automatically apply to these devices.
So this experience is much more streamlined than it’s been before, and it’s completely integrated with Azure AD. There are other examples where we’re doing that kind of integration. A great example is conditional access.
Now it’s all together in one single place, so I created a policy here for Exchange Online and I made sure that the access controls require that the users are coming in from a compliant device.
We have another show that’s dedicated to conditional access, so take a look at that show. I also know that role-based access is an area where people have been looking for what we’re going to do and what we have been doing. So we’ve invested in highly customizable roles and permissions. Not only can you define granular permissions, but you can also scope where a user can exercise those permissions.
For example, I’ve created a custom role just for help desk, and what I’ve done is that I’ve given that role very limited permissions, a limited set of device actions. And in fact, I’ve scoped this down so that they can only perform these actions against a specific group. In this case, this is my iOS devices. So I can assign somebody this help desk role and they can reset devices and reset passwords, but only for folks in that group and only on that set of devices.
So does this work with device groups? No, it works with all kinds of groups. Any group that exists in your Active Directory you could use, so you could base it on region, you could base it on department, any way you want to slice it. So those are amazing investments in the UI. Do we do anything for folks that prefer to automate everything?
Everything you see in the UI is exposed to the Microsoft Graph API. Because of this, you can script and automate a bunch of common tasks. So I can show you how we leveraged reporting and visualization using Power BI. I’ve built a dashboard in Power BI that’s connected to Graph. It pulls information from Active Directory, so I can see things like unfamiliar sign-ins, and it pulls information from Intune.
So I can see a breakdown of my devices by OS. I’ve got on the right-hand side here 18 users, and a breakdown of my operating systems from Intune as well. And I’ve got a list of the number of users in my directory, and I can see things about how long devices check in for and when they check in. Now, a fairly common scenario is to show devices that haven’t talked to the service in a while so that we can clean them up periodically.
Now I could do this manually in the UI, but it tends to be something I’m likely to do every month or so, so I’ve written a PowerShell script. I go into PowerShell and it’s going to connect to the service, it’s going to pull all the information from Graph, find those devices enrolled and then go delete them from Intune.
This is great, this is a lot of stuff that people have been asking for for quite some time. How can folks try these things? So if you’re already an Intune customer, it’s most likely that your tenant has been provisioned. If not, you can expect to be migrated soon, and you’ll see a link at the top of Silverlight that takes you to the new portal. You can also follow the link below and create yourself a new trial tenant to test these things.
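
The stale-device cleanup described in the demo can be planned as a dry run before anything is deleted. The following PowerShell is an added example, not the script shown in the video: the device records are constructed samples shaped like Graph `managedDevices` items, and the function name, the 90-day threshold, the "never synced" handling and the over-half guard are assumptions of this example.

```powershell
# Constructed sample records, shaped like items in the "value" array of
# GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices
$sampleDevices = @(
    [pscustomobject]@{ id = '00000000-0000-0000-0000-000000000001'; deviceName = 'iPad-Lobby';   lastSyncDateTime = '2017-01-03T08:15:00Z' }
    [pscustomobject]@{ id = '00000000-0000-0000-0000-000000000002'; deviceName = 'iPhone-Sales'; lastSyncDateTime = '2017-05-28T17:40:00Z' }
    [pscustomobject]@{ id = '00000000-0000-0000-0000-000000000003'; deviceName = 'iPad-New';     lastSyncDateTime = '0001-01-01T00:00:00Z' }
)

# Hypothetical helper: classifies each device as Keep, Delete or Review.
function Get-StaleDevicePlan {
    param(
        [Parameter(Mandatory)] [object[]] $Device,
        [int] $MaxAgeDays = 90,
        [datetime] $NowUtc = [datetime]::UtcNow
    )
    $cutoff = $NowUtc.AddDays(-$MaxAgeDays)
    foreach ($d in $Device) {
        # Assumption: an empty or year-0001 timestamp means "never synced";
        # those go to manual review instead of being deleted.
        $last = if ($d.lastSyncDateTime) { ([datetimeoffset]$d.lastSyncDateTime).UtcDateTime } else { [datetime]::MinValue }
        $action = if ($last.Year -le 1) { 'Review' } elseif ($last -lt $cutoff) { 'Delete' } else { 'Keep' }
        [pscustomobject]@{
            DeviceName = $d.deviceName
            LastSync   = $last
            Action     = $action
            # The request that a live run would send for this device.
            Request    = if ($action -eq 'Delete') { "DELETE https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/$($d.id)" } else { $null }
        }
    }
}

# Fixed "now" so the sample classifies the same way on every run.
$now  = ([datetimeoffset]'2017-06-01T00:00:00Z').UtcDateTime
$plan = @(Get-StaleDevicePlan -Device $sampleDevices -NowUtc $now)

# Guard: stop if the plan would remove an implausibly large share of the fleet.
$toDelete = @($plan | Where-Object Action -eq 'Delete')
if ($toDelete.Count -gt 0.5 * $sampleDevices.Count) {
    throw 'Plan deletes over half of all devices; check the cutoff.'
}

$plan | Format-Table DeviceName, LastSync, Action
$toDelete.Request   # dry run: the DELETE requests are listed, not sent
```

With the sample data, only `iPad-Lobby` is marked for deletion; `iPad-New` is held for review because it has never synced.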